AWS Certified Developer – Associate — Question 278

An open-source map application gathers data from several geolocation APIs. The application's source code repository is public and can be used by anyone, but the geolocation APIs must not be directly accessible.

A developer must implement a solution to prevent the credentials that are used to access the APIs from becoming public. The solution also must ensure that the application still functions properly.

Which solution will meet these requirements MOST cost-effectively?

Answer options

• A. Store the credentials in AWS Secrets Manager. Retrieve the credentials by using the GetSecretValue API operation.
• B. Store the credentials in AWS Key Management Service (AWS KMS). Retrieve the credentials by using the GetPublicKey API operation.
• C. Store the credentials in AWS Security Token Service (AWS STS). Retrieve the credentials by using the GetCallerldentity API operation.
• D. Store the credentials in AWS Systems Manager Parameter Store. Retrieve the credentials by using the GetParameter API operation.

Correct answer: D

Explanation

AWS Systems Manager Parameter Store provides a highly cost-effective way to store configuration data and secrets, as standard parameters are free of charge, unlike AWS Secrets Manager which incurs a monthly fee per secret. AWS KMS and AWS STS are not designed for storing static third-party API keys, and their respective API operations (GetPublicKey and GetCallerIdentity) do not serve this purpose. Therefore, retrieving credentials from Parameter Store using the GetParameter API is the most economical and appropriate solution.